Installing a local Firefox sync server

The Firefox web browser has a nice feature: it can synchronise your bookmarks, history, remembered credentials and even installed add-ons between various Firefox installations on various operating systems and computers. When one has multiple computers running multiple operating systems, this is a godsend.

Drawbacks of the default cloud-based storage

Normally, Firefox sync stores your bookmarks and other data ‘in the cloud’. This is easy to setup, but introduces two potential problems:

  1. You probably do not have sole and absolute control over the machines storing your data; and
  2. To perform a sychronisation, you must have Internet access.
    1. The first problem is mitigated by the fact that supposedly, the Firefox sync component encrypts your data before uploading them to the cloud (this is what your ‘recovery key’ is for). Nevertheless, not everyone is comfortable with this.

      The second problem can be more serious, depending on the specific use case. In my use case, I can guarantee fairly frequent access from Firefox to my other machines (sometimes via the Internet), but I cannot guarantee Internet access quite as easily. If need be, I can obtain physical access to my systems even without any Internet access; but I cannot similarly obtain physical access to the Firefox Sync cloud servers.

      You might think this wouldn’t matter – what is the point of a web browser without Internet access? One answer is: offline Web development.

      For these and other reasons, a local installation of the Firefox sync service is useful.

      Installing a local Firefox sync server


      This procedure assumes that you already have:

      1. A working Apache web server running on a UNIX-like operating system;
      2. Root on the web server machine;
      3. Python 2.6 or newer, also on the web server


      1. Create a user (and optionally group) to own the new installation. The user will not be able to log in interactively.
        sudo useradd -d /var/local/firefox-sync -s /bin/false ffsync
      2. Install the mercurial version control software, aka hg
        Under Debian, this is accomplished with:
        sudo apt-get install mercurial
      3. Check out the Firefox sync server source code:
        hg clone
      4. cd into the source code directory:
        cd server-full
      5. Build the source code:
        make build
      6. Create a directory to contain the encrypted data, usable only by user ‘ffsync’:
        sudo mkdir /var/local/firefox-sync
        sudo chown ffsync:ffsync /var/local/firefox-sync
        sudo chmod 700 /var/local/firefox-sync
      7. Edit the Firefox sync service configuration file at /usr/local/firefox-sync/etc/sync.conf, and point the two SQLite storage URLs in INI sections ‘storage’ and ‘auth’ at some arbitrary database filename in the previously-created data directory. The database file will be created later if it does not already exist. Mine looked in relevant part like this:
        sqluri = sqlite:////var/local/firefox-sync/firefox-sync.db
        sqluri = sqlite:////var/local/firefox-sync/firefox-sync.db
      8. In the same file, also in INI section ‘auth’, set the value ‘fallback_node’ to the URL of a nonexistent virtual host (which we are about to create). I unimaginatively chose the name ‘ffsync’, yielding:
        fallback_node = http://ffsync.mydomain/
      9. Create a new Apache name-based virtual host named ‘ffsync’.
        The easiest way to do this is probably to duplicate, rename and modify the configuration file for an existing virtual host. Under Debian, these configuration files are located in /etc/apache2/sites-available
      10. Add the following stanza to the configuration file for the ‘ffsync’ virtual host:
        # For FireFox Sync using WSGI
        WSGIProcessGroup sync
        WSGIDaemonProcess sync user=ffsync group=ffsync processes=2 threads=25
        WSGIPassAuthorization On
        WSGIScriptAlias / /usr/local/firefox-sync/sync.wsgi

        Note: The directive on the last line, beginning WSGIScriptAlias /, intercepts requests for the URL /. This is why the sync service is best run from a wholly separate vhost which it has all to itself.
      11. Enable the ffsync vhost:
        sudo a2ensite ffsync

Leave a Reply

Your email address will not be published. Required fields are marked *